Abnormal Network Traffic Detection based on Identification Mark of IP Packet

A new method of abnormal network traffic based on the distribution of IP packets' Identification is proposed in this paper be-cause many of abnormal network traffics are generated by special mechanisms,which are different from the ordinary traffics created on the basic network protocols.The correctness of this method is proved by the results of IP packets detect with different time on CERNET.